ISO/IEC TR 27550:2019 — Information technology — Security techniques — Privacy engineering for system life cycle processes
‘Privacy engineering’ involves taking account of privacy during the entire cradle-to-grave lifecycle of IT systems, such that privacy is and remains an integral part of their function.
Scope of the standard
This is an IT security standard about engineering IT systems to satisfy privacy requirements relating to the protection of personal data.
Content of the standard
- Discusses how privacy engineering supports system and security engineering, information risk management, knowledge management etc.
- Elaborates on conceptual principles such as privacy-by-design and privacy-by-default, important design goals noted in GDPR and elsewhere;
- Elaborates on the processes for identifying, evaluating and treating privacy risks in the course of IT systems design;
- Explains how IT systems can be engineered to support and satisfy the OECD privacy principles which form the basis of most privacy laws and regulations.
The standard was published in September 2019.
The procedures for operating, using, monitoring, managing and maintaining IT systems and their privacy controls are just as important as the technical controls themselves, and also benefit from being systematically developed (specified, designed, documented, mandated, operated, monitored, maintained ...): I am glad this standard is not totally focused on the technology.
< Previous standard ^ Up a level ^ Next standard >